Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract)

Authors

  • Jeffrey Fairbanks Northwest Nazarene University
  • Andres Orbe New Jersey Institute of Technology
  • Christine Patterson Boise State University
  • Edoardo Serra Boise State University
  • Marion Scheepers Boise State University

DOI:

https://doi.org/10.1609/aaai.v36i11.21607

Keywords:

Control Flow Graphs, Graph Representation Learning, Interpretability, ATT&CK Tactics

Abstract

To mitigate a malware threat it is important to understand the malware's behavior. The MITRE ATT&CK ontology specifies an enumeration of tactics, techniques, and procedures (TTPs) that characterize malware. However, there are no automated procedures that, given a malware executable, identify which part of its execution flow is connected with a specific TTP. This paper provides an automated methodology to locate a TTP in a sub-part of the control flow graph that describes the execution flow of a malware executable. The methodology merges graph representation learning with tools for machine learning explanation.
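
The abstract describes a three-stage pipeline: embed the control flow graph (CFG) of the malware, classify the embedding for a tactic, then use an explanation method to point back at the sub-part of the CFG responsible for that tactic. The following toy example is added here to make that pipeline concrete; it is not the paper's code or method. It substitutes simple stand-ins for each stage: one round of mean message passing (an untrained GNN layer) for graph representation learning, a hand-written logistic regression for the tactic classifier, and occlusion (drop one basic block at a time and measure the change in the predicted probability) for the explanation tool. The CFGs, the assumed one-API-call-per-block feature, the API vocabulary and the binary label (which stands in for a single ATT&CK tactic and is 1 exactly when a block calls sendTextMessage) are all constructed for the example.

```python
"""Added toy example: locate the basic blocks of an Android-malware CFG that
drive a tactic prediction. Stand-in components, not the paper's method:
one-hop mean aggregation for graph representation learning, logistic
regression as the tactic classifier, occlusion as the explanation tool.
All CFGs, API tags and labels below are constructed for this example."""
import math

# Assumed per-block feature: at most one sensitive Android API call per block.
API_VOCAB = ["none", "getDeviceId", "openConnection", "sendTextMessage"]


def one_hot(api):
    vec = [0.0] * len(API_VOCAB)
    vec[API_VOCAB.index(api)] = 1.0
    return vec


def node_embeddings(nodes, edges):
    """One round of mean message passing (an untrained GNN layer).
    nodes: {block_name: api}; edges: CFG edges, treated as undirected here.
    Each block's vector = its own API one-hot ++ mean one-hot of its neighbours."""
    neigh = {n: [] for n in nodes}
    for a, b in edges:
        if a in neigh and b in neigh:
            neigh[a].append(b)
            neigh[b].append(a)
    emb = {}
    for n, api in nodes.items():
        agg = [0.0] * len(API_VOCAB)
        for m in neigh[n]:
            agg = [x + y for x, y in zip(agg, one_hot(nodes[m]))]
        if neigh[n]:
            agg = [x / len(neigh[n]) for x in agg]
        emb[n] = one_hot(api) + agg
    return emb


def graph_embedding(nodes, edges):
    """Mean-pool the block vectors into one vector for the whole CFG."""
    pooled = [0.0] * (2 * len(API_VOCAB))
    emb = node_embeddings(nodes, edges)
    for vec in emb.values():
        pooled = [p + v for p, v in zip(pooled, vec)]
    return [p / len(emb) for p in pooled] if emb else pooled


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def score(model, nodes, edges):
    """Probability that the tactic is present in the CFG."""
    w, b = model
    x = graph_embedding(nodes, edges)
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train(graphs, epochs=3000, lr=1.0):
    """Batch gradient descent for logistic regression on pooled CFG embeddings.
    graphs: list of (nodes, edges, label) with label 1 = tactic present."""
    feats = [(graph_embedding(n, e), y) for n, e, y in graphs]
    w, b = [0.0] * len(feats[0][0]), 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in feats:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / len(feats) for wi, g in zip(w, gw)]
        b -= lr * gb / len(feats)
    return w, b


def explain(model, nodes, edges):
    """Occlusion attribution: drop one block (and its edges) at a time and
    record how far the tactic probability falls. Blocks with the largest drop
    are the sub-part of the CFG the classifier ties to the tactic.
    Returns [(block, drop)] sorted from most to least important."""
    base = score(model, nodes, edges)
    drops = {}
    for n in nodes:
        rest = {m: api for m, api in nodes.items() if m != n}
        rest_edges = [(a, b) for a, b in edges if n not in (a, b)]
        drops[n] = base - score(model, rest, rest_edges)
    return sorted(drops.items(), key=lambda kv: kv[1], reverse=True)


def chain(*apis):
    """Constructed helper: straight-line CFG B0 -> B1 -> ... over the given APIs."""
    nodes = {f"B{i}": api for i, api in enumerate(apis)}
    edges = [(f"B{i}", f"B{i + 1}") for i in range(len(apis) - 1)]
    return nodes, edges


# Constructed training set. The label stands in for one ATT&CK tactic and is
# 1 exactly when the CFG contains a block that calls sendTextMessage.
TRAINING_SET = [
    (*chain("none", "getDeviceId", "sendTextMessage", "none"), 1),
    ({"B0": "none", "B1": "openConnection", "B2": "sendTextMessage", "B3": "none"},
     [("B0", "B1"), ("B0", "B2"), ("B2", "B3")], 1),
    (*chain("getDeviceId", "sendTextMessage"), 1),
    (*chain("none", "getDeviceId", "openConnection", "none"), 0),
    (*chain("none", "openConnection", "none"), 0),
    (*chain("getDeviceId", "none", "none", "openConnection"), 0),
]
MODEL = train(TRAINING_SET)

if __name__ == "__main__":
    nodes, edges, _ = TRAINING_SET[0]
    print("tactic probability:", round(score(MODEL, nodes, edges), 3))
    for block, drop in explain(MODEL, nodes, edges):
        print(f"{block} ({nodes[block]}): drop {drop:+.3f}")
```

Running the module ranks the four blocks of the first constructed CFG by how much the tactic probability falls when each is removed; the sendTextMessage block comes out on top, which is the "sub-part of the control flow graph" the abstract refers to. In a real pipeline the blocks and their features would come from a CFG recovered from the APK's bytecode, the embedding stage would be a trained graph neural network rather than a fixed aggregation, and the attribution method would be the explanation tool of choice; the occlusion loop is kept here because it makes the link between a prediction and a set of blocks visible with no extra library.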

Published

2022-06-28

How to Cite

Fairbanks, J., Orbe, A., Patterson, C., Serra, E., & Scheepers, M. (2022). Identifying ATT&CK Tactics in Android Malware Control Flow Graph through Graph Representation Learning and Interpretability (Student Abstract). Proceedings of the AAAI Conference on Artificial Intelligence, 36(11), 12941-12942. https://doi.org/10.1609/aaai.v36i11.21607